My group is moving from HTTP to HTTPS with using a wildcard SSL certificate. In the HTTP environment we were able to access an intranet site using the generic site name (website.com) and the specific name (website.agency.state.xx.us).
The wildcard certificate is allowing us to use the specific name currently. Can we configure it to also use the generic / short site name?
You could have two certificates for each domain name and resolve the names to the same server
Related
Here is my situation:
I own and control coolwebsite.com
Many websites have a CNAME entry pointing to coolwebsite.com
For example, lamewebsite.com CNAME's a.lamewebsite.com to coolwebsite.com
There are about 50 of these other websites that point to mine, none of which I can control easily
How can I get an SSL certificate that will work with these CNAME's?
There are about 50 of these other websites that point to mine, none of which I can control easily
If you have no control over these web sites or their DNS settings than you should not be able to get a certificate for these. If this would be possible than it would be a serious security issue.
This appears to be a shared hosting kind of setup where you host the websites for clients and allow them to point their own domains to your server and use SNI or host header to serve a correct website based on domain used in the request.
More information like is above correct, where you're getting your TLS certs from, do you want to use single cert to cover everything or a cert per domain would be useful, but in general you can get a certificate with multiple Subject Alternative Names for different domain names/sites.
E.g. if you're using Let's Encrypt, with Domain Validation, you don't need control over domain's DNS, only over content served from that domain. And if people point their aliases (CNAMEs) to your web server then you already have it.
My site on openshift works with http and https prefix. Does it mean that https is allready set up properly so I do not need any additional steps to configure it there? Do I need any ssl sertificate for https?
As you mentioned in comments, you are using openshift v2.
Here you can use either custom rhcloud.com subdomain or use your own domain name.
All applications URL under rhcloud.com (say, example-username.rhcloud.com) use a shared SSL certificate. So, If you use rhcloud.com subdomain, you don't need to configure anything. They automatically provide *.rhcloud.com wildcard certificate.
To use HTTPS for your custom domain name (say, www.example.com) or alias, you need to upload your own certificate. To upload custom SSL certificate, You need to subscribe to a Premium plan. Free plan does not allow custom SSL certificate.
You can read more about how to set up custom domain, alias or SSL certificate, here. The previous documentation link is valid only for openshift v2.
I am having a bit of trouble understanding how many ssl certificates I should get under specific conditions:
I have two pages the user is supposed to use (index and main) and all other scripts users don't access in the front end (e.g. uploadFile.php).
I have socket.io implemented in port x which I want to run over https protocol.
How many ssl certificates should I get under these conditions to assure secure data traffic? (is the data from all other php scripts still secure if index and main have ssl?)
SSL cert is issued for a specific DNS name. So if you run your PHP and Socket.io applications on the same domain, one cert is surely enough to secure both.
If you run your app on two different domains, you need to (a) use two separate regular certificates, or (b) have one SAN certificate (it secures multiple DNS names).
Also there is a wildcard certificate, it secures all direct subdomains of specified domain (*.some-site.com). It can be combined with SAN feature, so it can secure base domain some-site.com and direct subdomains as well.
IF your website is accessed via different website on https , then your website and the website through which its accessed needs to have their separate SSL certificate.
If your website does not have an ssl certificate , the connection will be dropped when your website link is accessed via other website.
We have a server running Win Server 2003 SP1 with IIS 6. The server runs three websites of which only one needs to be secured. However, adding HTTPS in front of any of the others redirects the user to the secured website.
From my reading I can see it's because pre SP1 SSL worked based on IP addresses only whereas post SP1 it is possible to configure it for host headers using some scripts. That's all great.
What I need to know is what the final requirements be if I have the following for my applications:
http://www.site1.com - SSL not required, but if the user types in https://www.site1.com it should not redirect to https://app.site1.com
http://www.site2.com - SSL not required, same as 1.
http://app.site1.com - SSL required.
Questions
Do I need to purchase 2 wildcard certificates for this configuration. One for *.site1.com and one for *.site2.com?
If I do get two wildcard certificates do I configure each of the sites to use them and assume that the user can choose to view https://www.site1.com can do so without being redirected
There are a number of similar questions on Stack, but not quite the same requirements. See
Hosting multiple sites in IIS 6, one need SSL
Edit
Microsoft's Recommendation on IIS6 and Wildcard certificates
I found a link where Microsoft explains more about using Wildcard certificates to configure the scenario I have described: https://web.archive.org/web/20161114165638/https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true
Note: We are definitely having the scenario where if the user browses to https://www.site1.com the browser displays the exception (which is correct) but then after accepting the exception they're being redirected to https://app.site1.com.
If you need to secure only http://app.site1.com then you don’t need to buy wildcard ssl certificate. You can simply secure your website using domain SSL Certificate. (Recommended SSL: RapidSSL Certificate, Thawte SSL123, QuickSSL Premium)
Suppose your all three websites are hosted on same IP address.
When user type https://www.site1.com then he will not redirect to your https://app.site1.com but visitor will get domain mismatch error in his browser because of same IP address.
Wildcard SSL can only secure your primary domain plus unlimited sub domain for that primary domain name.
Example: site1.com, www.site1.com, mail.site1.com, blog.site1.com
If you want to secure *site1.com and *.site2.com then you should go with Multi Domain SSL Certificate instead of Wildcard ssl certificate.
We would like to setup an application on Windows Azure at abc.cloudapp.net which would have a CNAME record for www.mydomain.com pointing to it and then allow clients to do the same. Our application would then look at the requested URL and then pull out relevant data based on the requested domain (abc.theirdomain.com or www.theirotherdomain.com).
Our initial tests show that this should work, however the problem lies in that we need the site to be secure. So we'd like clients to be able to setup shared SSL certs with us that we would upload to our Azure subscription that then allowed them to create a CNAME record (abc.theirdomain.com or www.theirotherdomain.com) that points to either www.mydomain.com or abc.cloudapp.net.
Is this possible?
Edit: I'm not sure if this is the same question as Azure web role - Multiple ssl certs pointing to a single endpoint.
We've used a multi-domain certificate in this situation - see http://www.comodo.com/business-security/digital-certificates/multi-domain-ssl.php for details. This will work for up to 100 different top-level domains.
The problem with a multi-domain certificate is that it is more expensive than a "normal" certificate and that every time you add a new domain, you will have to deploy a new package with the updated certificate.
On the other hand, you could have multiple SSL certificates (one for each domain) and then the answer you seek is here Azure web role - Multiple ssl certs pointing to a single endpoint.
No, I don't think your setup would be possible with a single SSL cert. In general, SSL certs are tied to the hostname (e.g. foo.domain.com and foo.domain2.com need different certs). However, you can purchase a wildcard SSL cert that will help if you use the same root domain, but different subdomains (e.g. foo.domain.com and foo2.domain.com can share a wildcard cert).
So, in your case, since you are allowing different root domains, then you need a different SSL cert for each. If instead you choose to allow different sub-domains on same root domain, you can get away with the wildcard cert.